1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] HJ this log, can someone look this over please?

Discussion in 'Virus & Other Malware Removal' started by ConfoozdNoob, Jul 26, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
    Hi,

    Here is my log... please let me know what I can get rid of! thanks so much!! :D


    Logfile of HijackThis v1.98.0
    Scan saved at 11:26:21 AM, on 7/25/2004
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\PackethSvc.exe
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\WINNT\System32\PSSVC.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\WINNT\System32\mgabg.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\ZoneLabs\vsmon.exe
    C:\Program Files\iVasion\WinPoET\WrOS.EXE
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\System32\ZoneLabs\MINILOG.EXE
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINNT\System32\shellexp.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\POW\pow.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Teamsnafu3\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINNT\system32\notfound.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weathsr.com/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINNT\system32\notfound.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O1 - Hosts: 209.8.166.99 sleazy.ath.cx
    O1 - Hosts: 209.8.166.99 hornylist.ath.cx
    O1 - Hosts: 209.8.166.99 www.pichunter.com
    O1 - Hosts: 209.8.166.99 www.cowlist.com
    O1 - Hosts: 209.8.166.99 www.searchv.com
    O1 - Hosts: 209.8.166.99 www.sleazydream.com
    O1 - Hosts: 209.8.166.99 mmm100.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O1 - Hosts: 64.237.37.47 auto.search.msn.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\vCatch\VCatch.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: Shortcut to pow.lnk = C:\Program Files\POW\pow.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.26/Hiwire.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...meInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/con....cab?5,0,1730,0
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Click here to download CWShredder. Close all browser windows, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

    When it is finished restart your computer.

    Come back here and post another Hijack This log and we'll get rid of what's left.
     
  3. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
    Ok, I ran the shredder program and did Hijack again. Here is my log:

    Thanks for the help!! :D


    Logfile of HijackThis v1.98.0
    Scan saved at 9:57:33 PM, on 7/26/2004
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\PackethSvc.exe
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\WINNT\System32\PSSVC.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\WINNT\System32\mgabg.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\ZoneLabs\vsmon.exe
    C:\Program Files\iVasion\WinPoET\WrOS.EXE
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\System32\ZoneLabs\MINILOG.EXE
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINNT\System32\shellexp.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\POW\pow.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Teamsnafu3\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weathsr.com/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O1 - Hosts: 209.8.166.99 sleazy.ath.cx
    O1 - Hosts: 209.8.166.99 hornylist.ath.cx
    O1 - Hosts: 209.8.166.99 www.pichunter.com
    O1 - Hosts: 209.8.166.99 www.cowlist.com
    O1 - Hosts: 209.8.166.99 www.sleazydream.com
    O1 - Hosts: 209.8.166.99 mmm100.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\vCatch\VCatch.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: Shortcut to pow.lnk = C:\Program Files\POW\pow.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O1 - Hosts: 209.8.166.99 sleazy.ath.cx
    O1 - Hosts: 209.8.166.99 hornylist.ath.cx
    O1 - Hosts: 209.8.166.99 www.pichunter.com
    O1 - Hosts: 209.8.166.99 www.cowlist.com
    O1 - Hosts: 209.8.166.99 www.sleazydream.com
    O1 - Hosts: 209.8.166.99 mmm100.com

    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe

    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)

    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/i...5.26/Hiwire.cab


    Restart to safe mode.

    How to start your computer in safe mode

    First in safe mode click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"

    Now find and delete the C:\WINNT\System32\shellexp.exe file.


    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.
     
  5. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
    Hi flrman1,

    I did everything you advised, and then out of curiosity I wanted to see if the files that I deleted were really out of my system and then I found that the

    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en

    and the C:\WINNT\System32\shellexp.exe file file could not be permanently deleted from my system. What did I do wrong? Thanks so much!


    Here is my latest Hijack log:

    Logfile of HijackThis v1.98.0
    Scan saved at 11:03:08 PM, on 7/26/2004
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\PackethSvc.exe
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\WINNT\System32\PSSVC.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\WINNT\System32\mgabg.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\ZoneLabs\vsmon.exe
    C:\Program Files\iVasion\WinPoET\WrOS.EXE
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\System32\ZoneLabs\MINILOG.EXE
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINNT\System32\shellexp.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\POW\pow.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Teamsnafu3\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weathsr.com/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\vCatch\VCatch.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: Shortcut to pow.lnk = C:\Program Files\POW\pow.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Download TheKillbox from here:

    http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to the folder of your choice.

    Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINNT\System32\shellexp.exe

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The C:\WINNT\System32\shellexp.exe
    listing should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to restart, go ahead and restart.


    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en

    Restart your computer.
     
  7. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
    I downloaded and ran TheKillbox as you recommended, followed the steps... repeated it twice and I still cannot remove it :(

    I also tried to remove R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weathsr.com/main.html since my homepage has been hijacked, but everytime I remove it, it comes right back like clockwork. :mad:

    Do you have anymore suggestions? I really appreciate all that you have helped me with!

    Here is the latest log:


    Logfile of HijackThis v1.98.0
    Scan saved at 10:32:53 PM, on 7/27/2004
    Platform: Windows 2000 SP1 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\PackethSvc.exe
    C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
    C:\WINNT\System32\PSSVC.EXE
    C:\WINNT\System32\CTsvcCDA.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\WINNT\System32\mgabg.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\ZoneLabs\vsmon.exe
    C:\Program Files\iVasion\WinPoET\WrOS.EXE
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\System32\ZoneLabs\MINILOG.EXE
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINNT\System32\PDesk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINNT\System32\shellexp.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\POW\pow.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weathsr.com/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [vCatch] C:\PROGRA~1\COMMON~2\vCatch\VCatch.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexp.exe en
    O4 - Startup: America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    O4 - Startup: Shortcut to pow.lnk = C:\Program Files\POW\pow.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt502/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
     
  8. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I haven't forgot about you. I've been trying to find out some info on this one. Do this:

    Look in C:\ and see if you have a file called explorer.exe there. There should be an explorer.exe file in C:\WINNT, but that isn't the one we want. Just look to see if you have one in C: and let me know.
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Do you have your 2k installation disk?
     
  11. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28

    Hi thank you for helping me out, I really appreciate it! :)

    Yes, my explorer.exe file in C:\WINNT is missing. I posted this question up in other forums, but I didn't think it was directly related to the problem you are trying to help me solve(shows how much of a newbie I am! :eek: )

    In anycase, my original posts were as follows:

    http://forums.techguy.org/showthread.php?t=253553

    http://forums.techguy.org/showthread.php?t=254211

    By the way, I do have my 2k installation disk.
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Put you'r 2k disk in. Browse the disk and find the explorer.exe. Extract a copy of explorer.exe and save it to a convenient location. Don't copy it to the C:\WINNT folder yet. First boot to safe mode and delete the bogus explorer.exe that is in C:\ and also delete the C:\WINNT\System32\shellexp.exe file. It should stay gone after you delete the bogus explorer.exe file.

    Now copy the explorer.exe file that you extracted from the 2k disk to the C:\WINNT folder.
     
  13. ConfoozdNoob

    ConfoozdNoob Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    28
    THANK YOU SO MUCH!!! You are a genius! My computer is finally fixed! I am the happiest person alive right now! :D

    Just out of curiosity, do you have any idea what that virus is called? :confused:

    Thank you once again!
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You're Welcome! :)

    The trojan is unknown as far as I know. I never did find anywhere that a name or what the trojan actually was mentioned.
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Glad we were able to help! :)

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - [Solved] someone please
  1. Evenheizer
    Replies:
    0
    Views:
    354
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/254577

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice