Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Freeze and Internet Randomly close[RESOLVED]

Started by slimm_thugga38701 , Apr 07 2005 01:06 AM

  • This topic is locked This topic is locked

#1
slimm_thugga38701
Posted 07 April 2005 - 01:06 AM

slimm_thugga38701

    New Member

  • Member
  • Pip
  • 3 posts
Here go my hijack this log




Logfile of HijackThis v1.99.1
Scan saved at 2:03:40 AM, on 4/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\vempjzm.exe
C:\Program Files\Creative Professional\E-MU PatchMix

DSP\EmuPatchMixDSP.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\tjcbp.exe
C:\windows\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DH\Local Settings\Temporary Internet

Files\Content.IE5\OPEFSH67\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini:

UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater

.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} -

C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} -

C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -

C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A89172E-C767-7BCB-D324-15550EA37D40} -

C:\WINDOWS\System32\gibcb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -

C:\WINDOWS\wsem218.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}

- c:\program files\google\googletoolbar.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -

C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

- C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no

file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [vempjzm] c:\windows\system32\vempjzm.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"

/background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI

Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program

Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program

Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -

res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program

Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program

Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program

Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -

file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

(file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software

AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -

http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -

http://static.windup...bridge-c356.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -

http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -

http://download.webs...38/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller

Control) - http://www.35mb.com/applet.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -

http://us.dl1.yimg.c...te/yautocomplet

e.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software

AutoUpdate Support Package) -

http://www.creative....15009/CTPID.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program

Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) -

Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 -

C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe
  • 0

Advertisements

#2
slimm_thugga38701
Posted 07 April 2005 - 05:55 PM

slimm_thugga38701

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Uppin for reply
  • 0

#3
Guest_thatman_*
Posted 13 April 2005 - 04:39 AM

Guest_thatman_*
  • Guest
Hi slimm_thugga38701

Download the CCleaner unzip the file to install.
Open the ccleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Now click on Run Cleaner

Reboot your system.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#4
slimm_thugga38701
Posted 13 April 2005 - 04:13 PM

slimm_thugga38701

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here go the pandra log


Incident Status Location

Adware:Adware/PurityScan No disinfected C:\Documents and Settings\DH\Application Data\sram.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\cdt_bbi8016.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\djtopr1150.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\msbb.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\ncmyb.dll
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\optimize.exe
Virus:Trj/Downloader.GK Disinfected C:\Documents and Settings\Studio\Local Settings\Temp\polmx.cab
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\polmx.exe
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\polall1t.exe
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\preInsTT.exe
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.cab
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.cab[twaintec.inf]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.cab[twaintec.dll]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.cab[preInsTT.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.cab[polall1t.exe]
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.dll
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp\twaintec.inf
Virus:Trj/Downloader.OU Disinfected C:\Documents and Settings\Studio\Local Settings\Temp\wupdt.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\actalert[1]
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\bbi8024[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\cdt_bbi8016[1].exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\optimize[1].exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\wsem218[1].txt
Adware:Adware/nCase No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\GV65Y903\msbb[1].exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\bdl14025[1].exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\nem219[1].txt
Virus:W32/Ronoper No disinfected C:\Excursion9.5\Download\Melda.zip[Melda.scr]
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Adware:Adware/Apropos No disinfected C:\Program Files\AutoUpdate\AutoUpdate.exe
Adware:Adware/Minibug No disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\ace.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\CxtPls.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\CxtPls.exe
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\ProxyStub.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\uninstaller.exe
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\WinGenerics.dll
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\actalert.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\optimize.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\update\actalert.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\update\rogue.exe
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Rviy\Bxao.exe
Adware:Adware/WeatherCast No disinfected C:\Program Files\VVSN\VVSN.exe
Adware:Adware/BlazeFind No disinfected C:\Program Files\WindowsSA\omniscient.exe
Adware:Adware/BlazeFind No disinfected C:\Program Files\WindowsSA\omniscienthook.dll
Virus:Trj/Multidropper.TY Disinfected C:\temp\Bargains.exe
Adware:Adware/Apropos No disinfected C:\temp\cxtpls_loader_ff.exe
Adware:Adware/SAHAgent No disinfected C:\temp\SAHAgent.exe
Adware:Adware/nCase No disinfected C:\temp\salm.exe
Adware:Adware/nCase No disinfected C:\temp\salmhook.dll
Adware:Adware/WinTools No disinfected C:\WINDOWS\2_0_1browserhelper2.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\lsp_.dll
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SahHtml_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmltok_.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\etmjst.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/BTGrab No disinfected C:\WINDOWS\inf\btgrab.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\twaintec.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\preInsTT.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\remtm2.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\remtm3.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SAHUninstall.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Imibar No disinfected C:\WINDOWS\systb.dll
Adware:Adware/Imibar No disinfected C:\WINDOWS\systb.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\system32\a.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\apuc.dll
Adware:Adware/Envolo No disinfected C:\WINDOWS\system32\auto_update_uninstall.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\system32\bridge.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\DrTemp\randreco.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\gibcb.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\lsp.dll
Virus:Trj/Downloader.AMT Disinfected C:\WINDOWS\system32\miduzb.exe
Adware:Adware/CWS.008k No disinfected C:\WINDOWS\system32\mmdtext.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\polall1m.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\randreco.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\system32\randrecobefore.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SahAgent.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\SahHtml.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\tjcbp.exe
Virus:Trj/Downloader.BHX Disinfected C:\WINDOWS\system32\vempjzm.exe
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\system32\wsaupdater.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\twaintec.dll
Spyware:Spyware/Dyfuca No disinfected C:\WINDOWS\wsem218.dll
Virus:Trj/Downloader.OU Disinfected C:\WINDOWS\wupdt.exe

this the hijack this


Logfile of HijackThis v1.99.1
Scan saved at 5:09:52 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\System32\tjcbp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\vempjzm.exe
C:\windows\system32\packager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DH\Local Settings\Temporary Internet Files\Content.IE5\YJHELZIW\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A89172E-C767-7BCB-D324-15550EA37D40} - C:\WINDOWS\System32\gibcb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vempjzm] c:\windows\system32\vempjzm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c356.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.35mb.com/applet.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15009/CTPID.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\TURTLE~1\AUDIOS~1\x10nets.exe
  • 0

#5
Guest_thatman_*
Posted 14 April 2005 - 03:51 AM

Guest_thatman_*
  • Guest
Hi slimm_thugga38701

Please read through the instructions before you start (you may want to print this out).

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please set your system to show all files; please see here if you're unsure how to do this.

Use Windows add remove program file's uninstall the following:
Please inform me of items that do not appear in Add remove program file's
C:\Program Files\AIM\Sysfiles\WxBug.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
C:\Program Files\CxtPls\ace.dll
C:\Program Files\CxtPls\CxtPls.dll
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\CxtPls\ProxyStub.dll
C:\Program Files\CxtPls\uninstaller.exe
C:\Program Files\CxtPls\WinGenerics.dll
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\update\actalert.exe
C:\Program Files\Internet Optimizer\update\rogue.exe
C:\Program Files\Rviy\Bxao.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\WindowsSA\omniscienthook.dll
C:\Excursion9.5\Download\Melda.zip[Melda.scr]

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {6A89172E-C767-7BCB-D324-15550EA37D40} - C:\WINDOWS\System32\gibcb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [vempjzm] c:\windows\system32\vempjzm.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c356.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.35mb.com/applet.cab
Click on { red Fix Checked } when finished and exit HijackThis.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\userinit.exe
C:\Windows\System32\wsaupdater.exe
C:\WINDOWS\BTGrab.dll
C:\Program Files\CxtPls
C:\WINDOWS\systb.dll
C:\WINDOWS\System32\gibcb.dll
C:\WINDOWS\wsem218.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\system32\msbe.dll
C:\Program Files\MBKWBar
C:\WINDOWS\farmmext.exe
c:\windows\system32\vempjzm.exe
C:\Program Files\Web_Rebates
(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)
Exit Explorer.

All the following items are Malware if you had run the cleaner these items would have been removed
C:\Documents and Settings\Studio\Local Settings\Temp\cdt_bbi8016.exe
C:\Documents and Settings\Studio\Local Settings\Temp\djtopr1150.exe
C:\Documents and Settings\Studio\Local Settings\Temp\msbb.exe
C:\Documents and Settings\Studio\Local Settings\Temp\ncmyb.dll
C:\Documents and Settings\Studio\Local Settings\Temp\optimize.exe
C:\Documents and Settings\Studio\Local Settings\Temp\polmx.cab
C:\Documents and Settings\Studio\Local Settings\Temp\polmx.exe
C:\Documents and Settings\Studio\Local Settings\Temp\wupdt.exe
C:\Documents and Settings\Studio\Local Settings\Temp\cdt_bbi8016.exe
C:\Documents and Settings\Studio\Local Settings\Temp\djtopr1150.exe
C:\Documents and Settings\Studio\Local Settings\Temp\msbb.exe
C:\Documents and Settings\Studio\Local Settings\Temp\ncmyb.dll
C:\Documents and Settings\Studio\Local Settings\Temp\optimize.exe
C:\Documents and Settings\Studio\Local Settings\Temp\polmx.cab
C:\Documents and Settings\Studio\Local Settings\Temp\polmx.exe
C:\Documents and Settings\Studio\Local Settings\Temp\wupdt.exe

All the following items are Malware if you had run the cleaner these items would have been removed
C:\Documents and Settings\Studio\Local Settings\Temp\THI58DA.tmp<--Delete the whole folder

All the following items are Malware if you had run the cleaner these items would have been removed
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\actalert[1]
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\bbi8024[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\cdt_bbi8016[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\optimize[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\wsem218[1].txt
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\GV65Y903\msbb[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\bdl14025[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\nem219[1].txt
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\actalert[1]
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\bbi8024[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\4XC5WFAP\cdt_bbi8016[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\optimize[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\EXIPKHS1\wsem218[1].txt
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\GV65Y903\msbb[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\bdl14025[1].exe
C:\Documents and Settings\Studio\Local Settings\Temporary Internet Files\Content.IE5\W30L6JY5\nem219[1].txt

Run it, and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
Let the system reboot.
C:\WINDOWS\Downloaded Program Files\lsp_.dll
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
C:\WINDOWS\Downloaded Program Files\xmltok_.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\alchem.exe
C:\WINDOWS\etmjst.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\inf\alchem.inf
C:\WINDOWS\inf\btgrab.inf
C:\WINDOWS\inf\farmmext.inf
C:\WINDOWS\inf\polall1r.inf
C:\WINDOWS\inf\twaintec.inf
C:\WINDOWS\preInsTT.exe
C:\WINDOWS\remtm2.exe
C:\WINDOWS\remtm3.exe
C:\WINDOWS\SAHUninstall.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\satmat.ini
C:\WINDOWS\systb.dll
C:\WINDOWS\systb.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\apuc.dll
C:\WINDOWS\system32\auto_update_uninstall.exe
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\gibcb.dll
C:\WINDOWS\system32\lsp.dll
C:\WINDOWS\system32\miduzb.exe
C:\WINDOWS\system32\mmdtext.exe
C:\WINDOWS\system32\polall1m.exe
C:\WINDOWS\system32\randreco.exe
C:\WINDOWS\system32\randrecobefore.exe
C:\WINDOWS\system32\SahAgent.exe
C:\WINDOWS\system32\SahHtml.exe
C:\WINDOWS\system32\tjcbp.exe
C:\WINDOWS\system32\vempjzm.exe
C:\WINDOWS\system32\wsaupdater.exe
C:\WINDOWS\system32\xmlparse.dll
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\twaintec.dll
C:\WINDOWS\wsem218.dll
C:\WINDOWS\wupdt.exe
C:\Documents and Settings\DH\Application Data\sram.exe
C:\WINDOWS\system32\DrTemp\randreco.exe
C:\WINDOWS\farmmext.exe
c:\windows\system32\vempjzm.exe
C:\WINDOWS\systb.dll
C:\WINDOWS\System32\gibcb.dll
C:\WINDOWS\wsem218.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\system32\msbe.dll
End of killbox file's

Reboot as normal.

Please run the following free, online virus scans.http://www.pandasoft.../start_corp.aspPlease post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.[/color]

Kc :tazz:
  • 0

#6
Guest_thatman_*
Posted 22 April 2005 - 11:18 AM

Guest_thatman_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP