Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

.bhx / mim attachment [RESOLVED]

Started by IDLEMiND , Mar 29 2006 05:50 AM

  • This topic is locked This topic is locked

#1
IDLEMiND
Posted 29 March 2006 - 05:50 AM

IDLEMiND

    New Member

  • Member
  • Pip
  • 3 posts
my system is automatically sending mails thru my yahoo / gmail accounts to my yahoo groups
with attached file (.bhx and/or .mim) this is over 2 months now and my norton 2006 cant do nothing with it.. i also tried to fix it with symantec's blackmal remover but to no avail.. i cant even detect it..

heres my log
thanks in advance :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 7:38:49 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\vsnpmi03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\IDLEMIND\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AutoRun] "D:\AUTORUN\AutoRun.exe" "/10"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Total RapidShare Grabber\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [Registry911] C:\Program Files\Registry 911\registry911.exe /s
O4 - HKCU\..\RunOnce: [gi1064920235] "C:\DOCUME~1\IDLEMIND\LOCALS~1\Temp\24S11B7V\scrollbar-free\Resume.exe" "C:\Documents and Settings\IDLEMIND\Desktop\scrollbar-free.exe" /resume:"C:\DOCUME~1\IDLEMIND\LOCALS~1\Temp\24S11B7V" "Please insert a first setup disk or map network drive with file C:\Documents and Settings\IDLEMIND\Desktop\scrollbar-free.exe" "0-Code Scrollbars Style Creator - Free Edition"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Documents and Settings\IDLEMIND\My Documents\My Web Sites\booters\YMlite\YMlite\ymlite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 29 March 2006 - 06:57 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

===========

  • Please Download Blackmail Removal Tool from here.
  • Save the file to a convenient location, such as your Windows desktop.
  • Double-click Antinyxem-EN.exe to start the removal tool.
  • The program will scan all running processes, and then you will be able to click the Scan button.
  • Click Scan to begin the tool, and then allow it to run.
  • Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
  • Reboot, and post a new HijackThis log as well as the ActiveScan report.

  • 0

#3
IDLEMiND
Posted 01 April 2006 - 04:06 AM

IDLEMiND

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
active scan report


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Spyware:spyware/cws.olehelp Not disinfected Windows Registry
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@fastclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@gostats[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@hotlog[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@questionmarket[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@tribalfusion[1].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@yadro[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.888.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.belnk.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Application Data\Mozilla\Firefox\Profiles\uj4hrmjt.default\cookies.txt[]
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@fastclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@gostats[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@hotlog[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@questionmarket[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@tribalfusion[1].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\IDLEMIND\Cookies\idlemind@yadro[1].txt
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\IDLEMIND\Desktop\temp\nov132k5\aug-32k5\july222k5\fdpro40install.exe
Hacktool:HackTool/EvID4226 Not disinfected C:\Documents and Settings\IDLEMIND\Desktop\temp\winsock repair\EvID4226Patch.exe
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\idlemind's\tools\stuffs\accessdiver\tcpip patcher.zip[EvID4226Patch.exe]
Hacktool:Hacktool/Passview.E Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\idlemind's\tools\stuffs\pass revealer\protected storage pass revealer.exe
Hacktool:Flooder/Acid.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\My Web Sites\OLDIES\booters\nov13 update\tools\illusionv2.zip[acid.exe]
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\temp\july222k5\fdpro40install.exe
Potentially unwanted tool:Application/PerfectKeyLog.AB Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[i_bpk2003.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpk.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpkun.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpkvw.exe]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[Setup.exe]
Potentially unwanted tool:Application/PerfectKeylog.B Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpkhk.dll]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpki.dll]
Potentially unwanted tool:Application/PerfectKeylog.C Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpkwb.dll]
Potentially unwanted tool:Application/PerfectKeylog.D Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpk.chm]
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip[bpkr.exe]
Hacktool:Hacktool/Passview.E Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\protected storage pass revealer.exe
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\tcpip patcher\EvID4226Patch.exe
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\IDLEMIND\My Documents\tools\tcpip patcher.zip[EvID4226Patch.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:05:11 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\vsnpmi03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Media Key\MagicKey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AutoRun] "D:\AUTORUN\AutoRun.exe" "/10"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Total RapidShare Grabber\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [Registry911] C:\Program Files\Registry 911\registry911.exe /s
O4 - HKCU\..\RunOnce: [gi1064920235] "C:\DOCUME~1\IDLEMIND\LOCALS~1\Temp\24S11B7V\scrollbar-free\Resume.exe" "C:\Documents and Settings\IDLEMIND\Desktop\scrollbar-free.exe" /resume:"C:\DOCUME~1\IDLEMIND\LOCALS~1\Temp\24S11B7V" "Please insert a first setup disk or map network drive with file C:\Documents and Settings\IDLEMIND\Desktop\scrollbar-free.exe" "0-Code Scrollbars Style Creator - Free Edition"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Documents and Settings\IDLEMIND\My Documents\My Web Sites\booters\YMlite\YMlite\ymlite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

* Blackmail Removal Tool didnt finy any variants of blackmail

thank in advance for your good deeds'
  • 0

#4
Buckeye_Sam
Posted 01 April 2006 - 11:52 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I don't see any signs that you are infected with the Blackmail virus. Most likely your email address has been spoofed and is being used, but the emails are not coming directly from you.

Panda did pick up a few things that you should get rid of.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
    C:\Documents and Settings\IDLEMIND\Desktop\temp\nov132k5\aug-32k5\july222k5\fdpro40install.exe
    C:\Documents and Settings\IDLEMIND\Desktop\temp\winsock repair\EvID4226Patch.exe
    C:\Documents and Settings\IDLEMIND\My Documents\idlemind's\tools\stuffs\accessdiver\tcpip patcher.zip
    C:\Documents and Settings\IDLEMIND\My Documents\idlemind's\tools\stuffs\pass revealer\protected storage pass revealer.exe
    C:\Documents and Settings\IDLEMIND\My Documents\My Web Sites\OLDIES\booters\nov13 update\tools\illusionv2.zip
    C:\Documents and Settings\IDLEMIND\My Documents\temp\july222k5\fdpro40install.exe
    C:\Documents and Settings\IDLEMIND\My Documents\tools\i_bpk2003.zip
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


==========


Download and run Winsock XP Fix to flush out the remains of your new.net infection.
http://www.majorgeek...wnload4372.html


==========


Let me know of any other problems that you are still having.
  • 0

#5
IDLEMiND
Posted 01 April 2006 - 12:24 PM

IDLEMiND

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Most likely your email address has been spoofed and is being used, but the emails are not coming directly from you.

this makes sense! thank you so much sir SAM'
i really appreciates your good deeds..
more power to this great site!
  • 0

#6
Buckeye_Sam
Posted 01 April 2006 - 09:12 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP