Jump to content


Photo

Help me clean my system please :)


  • Please log in to reply
5 replies to this topic

#1 Monte_NZ

Monte_NZ

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 08:28 PM

I have the CleverIEHooker.Jeired and DSO Exploit (which I'm told does nothing as long as you have SP1 for XP, which I do) which always appear after doing a Spybot search. Here is my long from HJT:

Logfile of HijackThis v1.98.0
Scan saved at 1:14:29 p.m., on 3/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\scrgrd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Silkie\Desktop\HijackThis1980.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.strclan.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
O1 - Hosts: 66.98.178.19 2001-007.com
O1 - Hosts: 66.98.178.19 ad-logics.com
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
O1 - Hosts: 66.98.178.19 adlog.com.com
O1 - Hosts: 66.98.178.19 admanmail.com
O1 - Hosts: 66.98.178.19 ads.specificpop.com
O1 - Hosts: 66.98.178.19 adtech.de
O1 - Hosts: 66.98.178.19 askmen.thruport.com
O1 - Hosts: 66.98.178.19 banner.0catch.com
O1 - Hosts: 66.98.178.19 bilbo.counted.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 c1.thecounter.com
O1 - Hosts: 66.98.178.19 c2.gostats.com
O1 - Hosts: 66.98.178.19 c2.thecounter.com
O1 - Hosts: 66.98.178.19 c3.thecounter.com
O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
O1 - Hosts: 66.98.178.19 cashcounter.com
O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
O1 - Hosts: 66.98.178.19 clit6.sextracker.com
O1 - Hosts: 66.98.178.19 clit8.sextracker.com
O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
O1 - Hosts: 66.98.178.19 counter.aaddzz.com
O1 - Hosts: 66.98.178.19 counter.bloke.com
O1 - Hosts: 66.98.178.19 counter.hitslink.com
O1 - Hosts: 66.98.178.19 counter.yadro.ru
O1 - Hosts: 66.98.178.19 counter14.sextracker.com
O1 - Hosts: 66.98.178.19 counter16.bravenet.com
O1 - Hosts: 66.98.178.19 counter17.bravenet.com
O1 - Hosts: 66.98.178.19 counter2.hitslink.com
O1 - Hosts: 66.98.178.19 counter26.bravenet.com
O1 - Hosts: 66.98.178.19 counter32.bravenet.com
O1 - Hosts: 66.98.178.19 counter34.breavenet.com
O1 - Hosts: 66.98.178.19 counter41.bravenet.com
O1 - Hosts: 66.98.178.19 counter47.bravenet.com
O1 - Hosts: 66.98.178.19 counter6.sextracker.com
O1 - Hosts: 66.98.178.19 counter8.bravenet.com
O1 - Hosts: 66.98.178.19 data.coremetrics.com
O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
O1 - Hosts: 66.98.178.19 dwclick.com
O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
O1 - Hosts: 66.98.178.19 ehg.hitbox.com
O1 - Hosts: 66.98.178.19 fastclick.net
O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
O1 - Hosts: 66.98.178.19 flycast.com
O1 - Hosts: 66.98.178.19 g-wizzads.net
O1 - Hosts: 66.98.178.19 gostats.com
O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
O1 - Hosts: 66.98.178.19 hc2.humanclick.com
O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
O1 - Hosts: 66.98.178.19 hit37.chark.dk
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 66.98.178.19 hits.webstat.com
O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
O1 - Hosts: 66.98.178.19 imp.clickability.com
O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
O1 - Hosts: 66.98.178.19 insightfirst.com
O1 - Hosts: 66.98.178.19 int.sitestat.com
O1 - Hosts: 66.98.178.19 jkearns.freestats.com
O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
O1 - Hosts: 66.98.178.19 logs.comics.com
O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
O1 - Hosts: 66.98.178.19 media101.sitebrand.com
O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
O1 - Hosts: 66.98.178.19 mt122.mtree.com
O1 - Hosts: 66.98.178.19 nedstat.s0.nl
O1 - Hosts: 66.98.178.19 nl.sitestat.com
O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
O1 - Hosts: 66.98.178.19 perso.estat.com
O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
O1 - Hosts: 66.98.178.19 prof.estat.com
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 s11.sitemeter.com
O1 - Hosts: 66.98.178.19 s12.sitemeter.com
O1 - Hosts: 66.98.178.19 s13.sitemeter.com
O1 - Hosts: 66.98.178.19 s14.sitemeter.com
O1 - Hosts: 66.98.178.19 s15.sitemeter.com
O1 - Hosts: 66.98.178.19 s16.sitemeter.com
O1 - Hosts: 66.98.178.19 s2.statcounter.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus C41 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C41 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [FFADDC66] C:\WINDOWS\System32\whqvdckfubj.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\khbpwaf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [1D3AB15F] C:\WINDOWS\System32\whqvdckfubj.exe
O4 - HKLM\..\RunServices: [msvsrv32] msvsrv32.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0BE35204-8F91-11CE-9DE3-00AA004BB851} (CLSID_StdPict) - http://wwwau.kodak.c...e/OPW_25900.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwn...m/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFCB9B8-C9A6-44D5-B5DA-A88E81E0A5F0}: NameServer = 203.96.152.4 203.96.152.12
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\PROGRA~1\COMMON~1\MICROS~1\REFERE~1\msref.dll

#2 Monte_NZ

Monte_NZ

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 09:52 PM

Is it safe to delete all of the O1 files?

#3 Monte_NZ

Monte_NZ

    Member

  • New Member
  • Pip
  • 4 posts

Posted 03 July 2004 - 02:20 AM

Updated Log:

Logfile of HijackThis v1.98.0
Scan saved at 7:20:39 p.m., on 3/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\scrgrd.exe
C:\WINDOWS\System32\wuamgrd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Silkie\Desktop\Ex-Desktop Folder\mIRC\mirc.exe
C:\Documents and Settings\Silkie\Desktop\HijackThis1980.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.strclan.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus C41 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C41 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C41"
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [FFADDC66] C:\WINDOWS\System32\rbsrxsxkm.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\khbpwaf.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [1D3AB15F] C:\WINDOWS\System32\rbsrxsxkm.exe
O4 - HKLM\..\RunServices: [msvsrv32] msvsrv32.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0BE35204-8F91-11CE-9DE3-00AA004BB851} (CLSID_StdPict) - http://wwwau.kodak.c...e/OPW_25900.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwn...m/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFCB9B8-C9A6-44D5-B5DA-A88E81E0A5F0}: NameServer = 203.96.152.4 203.96.152.12
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\PROGRA~1\COMMON~1\MICROS~1\REFERE~1\msref.dll

#4 Aaron B.

Aaron B.

    There is hope, but it's small...

  • Retired Staff - Helper
  • Pip
  • 30 posts

Posted 03 July 2004 - 03:04 AM

Okay... looks like a couple nasties have inserted themselves as services... no biggie. First thing is to stop the services from running. To do this (you might have to login as Administrator), open the control panel, open the Administrative Tools control panel, and double-click Services. In that list, locate, right-click and click Stop for the following:
msvsrv32
1D3AB15F

Once those two are stopped, wait a few seconds to see if they start themselves again. If they do... do the same thing and this time, go into properties and set them as Disabled.

Next, open HiJackThis, click Scan and then click the little checkboxes next to the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
F0 - system.ini: Shell=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [FFADDC66] C:\WINDOWS\System32\rbsrxsxkm.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\khbpwaf.exe (submissions@atribune.org)
O4 - HKLM\..\RunServices: [1D3AB15F] C:\WINDOWS\System32\rbsrxsxkm.exe
O4 - HKLM\..\RunServices: [msvsrv32] msvsrv32.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwn...m/cab/crack.CAB

When you're done ticking boxes, click Fix Checked and let it remove the checked items. When that's done removing those entries, reboot.
When you're done rebooting, locate and delete the following folders/files( make sure you have Windows set to show all files by:
On the Tools menu in Windows Explorer, click Folder Options.
Click the View tab.
Under Hidden files and folders, click Show hidden files and folders.
Note: To access Windows Explorer, click Start, point to All Programs, and then click Windows Explorer.)

Using Find Files, locate and delete the following items:
C:\Program Files\TV Media\ (delete the whole folder)
rbsrxsxkm.exe
khbpwaf.exe
msvsrv32.exe

Once you have those deleted again, reboot and see if that fixed anything/everything.

You might also want to consider getting some sort of AntiVirus program and running it at least once a week. A free online one can be found at http://housecall.trendmicro.com or if you prefer to download one and run it locally, you can try AVG which can be found and downloaded from http://www.grisoft.com/ .

If anything comes up or you don't understand something, feel free to come back and ask in the chatroom or here on the forums.

Oh, you'll also want to download and install http://www.microsoft...&displaylang=en to patch up at least one hole in XP.

Edited by Aaron B., 03 July 2004 - 03:07 AM.

"This is no mere ranger. He is Aragorn, son of Arathorn. You owe him your allegiance."
- Legolas from The Fellowship of the Ring
My personally hosted website

CWShredder download
HiJackThis download

#5 Monte_NZ

Monte_NZ

    Member

  • New Member
  • Pip
  • 4 posts

Posted 04 July 2004 - 11:46 AM

Thanks alot everyone who's helped me.. :) You guys rock! :D My internet is alot smoother and consistent now. I got AVG btw.

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 04 July 2004 - 11:56 AM

It would be a good idea to post a fresh log to make sure you are clean....
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button