
Dr. Watson and the Dreaded Blue Screen[RESOLVED]



#16
Guest_thatman_*

  • Guest
VoiceMajor HJT.log

Logfile of HijackThis v1.99.1
Scan saved at 2:53:00 PM, on 3/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TEXTBR~1\BIN\INSTAN~1.EXE
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\Hewlett-Packard\CLJ1500\Toolbox\HPPOUMUI.EXE
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Status Monitor CLJ1500] C:\Program Files\Hewlett-Packard\CLJ1500\\Toolbox\HPPOUMUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://sheetmusic.mu...ad/mnviewer.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093537514222
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell..../SysProfLCD.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#17
Guest_thatman_*

  • Guest
Hi VoiceMajor

Your HJT.Log is clean.

Please post the results from the virus scans; we can move on to the next step.

Kc :tazz:

#18
VoiceMajor

  • Topic Starter
ThatMan:

Thanks again for all your help. For anyone reading this with Dr. Watson problems, I strongly suggest following the directions to post your own problem and run your own HiJack This Log.

Knowing how many people are having problems, I will understand if it takes a while to get back to me. At least my system is up and running, albeit with viruses still present.

Here is the Panda log which is pretty much the same as the housecall scan which I only printed out and did not capture.

How do I get rid of these viruses that they say are not cleanable or that they cannot disinfect?



#19
Guest_thatman_*

  • Guest
Hi VoiceMajor

1. Download the Pocket Killbox.
2. Unzip the contents of KillBox.zip to a convenient location.
3. Double-click on KillBox.exe.
4. Click "Replace on Reboot" and check the "Use Dummy" box.
5. Paste this file into the top "Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\netrb.dll

6. Click the "Delete File" button which looks like a stop sign.
7. Click "Yes" at the Replace on Reboot prompt.

I have split the following items into groups of 10. When you have copied 30 items into Killbox, reboot and start with the next 30 items.


Kc :tazz:

#20
VoiceMajor

  • Topic Starter
Yeah!!!!!

No more viruses. No More Dr. Watson. No More Dreaded Blue Screen.

For anyone reading this. Follow their advice by opening your own topic, following the instructions to search for spyware, viruses and post a HiJack This Log so that they can tell you how to fix your machine. Be patient, there may be a lot of steps, depending upon how much you have wrongfully relied on antivirus software to protect you.

I reran Panda after following the fixes in #19 and found 12 viruses (one in a HJT backup folder), removed them with Killbox and scanned again to be told I was virus free.

The only remaining issue on my questions is the c:\windows\sdkkk32.dll error (that it is not a valid Windows image). Do I need this file?

I will take a break over the weekend and hope you do as well. Then I will tackle my daughter's machine to make sure she is not in the same boat.


Thanks, Thanks, Thanks, Thanks. You gals/guys are great!!!

#21
Guest_thatman_*

  • Guest
Hi VoiceMajor


c:\windows\sdkkk32.dll <--Delete the file

Kc :tazz:

#22
Guest_thatman_*

  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.