[TxRoseRed]

Hi - I did everything I was supposed to do to remove the Quake spyware and it didn't work. Here are the smitfile.txt and the Hijacthis log from Panda ... I'm at a loss -

HELP! Pretty Please???

Rose



here are the copies of my smitfiles


Running from
C:\Documents and Settings\Compaq_Owner\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
oleext.dll
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~

warnhp.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 792 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

wininet.dll INFECTED!! Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! ~~~~


ncident Status Location

Adware:adware/alfacleaner Not disinfected C:\WINDOWS\SYSTEM32\INTELL321.EXE
Potentially unwanted tool:Application/007Spy Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
Potentially unwanted tool:application/spywarequake Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SpywareQuake 2.0.lnk
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\dfrgsrv.exe
Adware:adware/alfacleaner Not disinfected C:\WINDOWS\SYSTEM32\intell321.exe
Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM32\oleext.dll
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Compaq_Owner\Favorites\Antivirus Test Online.url
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adultfriendfinder[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@entrepreneur[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@maxserving[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@qsrch[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tickle[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tradedoubler[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-79d29e04-5b4aaf0c.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-79d29e04-5b4aaf0c.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-79d29e04-5b4aaf0c.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-79d29e04-5b4aaf0c.zip[Worker.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-79d29e04-5b4aaf0c.zip[Xeyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adultfriendfinder[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@entrepreneur[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Netster Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@maxserving[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@qsrch[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tickle[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tradedoubler[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Compaq_Owner\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Compaq_Owner\Desktop\smitRem.exe[Process.exe]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Cookies\compaq_owner@doubleclick[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/007Spy Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe
Virus:Trj/Lowzones.QF Not disinfected C:\WINDOWS\system32\lich.exe
Virus:W32/Smitfraud.D Not disinfected C:\WINDOWS\system32\oleext32.dll
Virus:Trj/Lowzones.QF Not disinfected C:\zdj.exe

[Advertisements]

Hi TxRoseRed

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Pocket Killbox

• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  C:\WINDOWS\SYSTEM32\dfrgsrv.exe
  C:\WINDOWS\SYSTEM32\intell321.exe
  C:\WINDOWS\SYSTEM32\oleext.dll
  C:\WINDOWS\system32\lich.exe
  C:\WINDOWS\system32\oleext32.dll
  C:\zdj.exe
  C:\WINDOWS\system32\stickrep.dll
  
  
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After the reboot

Please download ATF Cleaner by Atribune.Save it to the desktop
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Please post a Hijack log and tell me the problems you are still having, if any

Thanks

Edited by loophole, 02 April 2006 - 08:04 PM.

[loophole]

Hi TxRoseRed

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Pocket Killbox

• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  C:\WINDOWS\SYSTEM32\dfrgsrv.exe
  C:\WINDOWS\SYSTEM32\intell321.exe
  C:\WINDOWS\SYSTEM32\oleext.dll
  C:\WINDOWS\system32\lich.exe
  C:\WINDOWS\system32\oleext32.dll
  C:\zdj.exe
  C:\WINDOWS\system32\stickrep.dll
  
  
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After the reboot

Please download ATF Cleaner by Atribune.Save it to the desktop
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Please post a Hijack log and tell me the problems you are still having, if any

Thanks

Edited by loophole, 02 April 2006 - 08:04 PM.