Help needed on IE6 after attack of ibm00003 virus

[Simple Guy]

My IE6 cannot load after an attack of ibm00003. How to I remove all
trace of the virus in order to have my IE6 Internet Explorer load.
Logfile of HijackThis v1.99.1
Scan saved at 2:10:08 AM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Bright.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\BitLord\BitLord.exe
F:\PortableFirefox\firefox\firefox.exe
F:\VirusRemovalTools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
F2 - REG:system.ini: Shell=explorer.exe

"C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00003.exe"
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
- C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} -
mscoree.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\ms\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} -
C:\WINDOWS\system32\wer5760.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program
Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Coloreal Hint] C:\Program
Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton
SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A}
/MODE CfgWiz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program
Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program
Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} -
C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... -
{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} -
C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ -
{6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
(PatchInstaller.Installer) -
file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121106054046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135428155312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX
6.5) -
http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD
Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{D49A9F02-DAD0-4FD4-97DC-AC08B190BEF9}:
NameServer = 202.188.0.133 202.188.1.5
O21 - SSODL: fldrsys - {CD642F85-E07F-4A7E-841E-768DDA908C8D} - (no
file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[David H. Lipman]

From: "Simple Guy" <[email protected]>

| My IE6 cannot load after an attack of ibm00003. How to I remove all
| trace of the virus in order to have my IE6 Internet Explorer load.
| Logfile of HijackThis v1.99.1
| Scan saved at 2:10:08 AM, on 1/17/2006
| Platform: Windows XP SP2 (WinNT 5.01.2600)
| MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
|

< snip >

You really don't deserve help because you don't follow directions !

You posted in two threads already. One thread was totally ignored and the other a thread
was begun but you failed to follow the directions given you. Then you post start posting
HJT logs all over the place.

Plain and simple for a simpleton...

Follow directions when they are provided to you. Don't post HJT logs without being
requested to do so.

Stick to the support thread once started an keep to it and don't post all over the place
when you were already receiving assistance !

The following are the PROPER places to post HJT logs !

Forums where you can get expert advice for HiJack This! (HJT) logs.
NOTE: Registration is REQUIRED before posting a log
NOTE: Web sites NOT listed in any particular order

http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/security
http://castlecops.com/forum67.html
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.iamnotageek.com/f-130.html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://boards.cexx.org/viewforum.php?f=1
http://www.malwarebytes.biz/forums/index.php?showforum=5

{ borrowed from the alt.privacy.spyware News Group }

 

[Simple Guy]

my problem is more than a week old. actually i try all suggested
solutions but no solution. i still cannot load ie6.

 

[Todd H.]

my problem is more than a week old. actually i try all suggested
solutions but no solution. i still cannot load ie6.

Reinstall windows. Takes a couple of hours.

 

[David H. Lipman]

From: "Todd H." <[email protected]>


|
| Reinstall windows. Takes a couple of hours.
|

I agree !

 

[Peter Seiler]

Todd H. - 18.01.2006 19:58 :

Reinstall windows. Takes a couple of hours.

no, that depends. In my case I would need weeks installing Windows,
SP1/SP2, search, redownload and install and register hundreds of
applikations again and configure all them to my personal wishes again
incl. browser, news-and mailclient and so on. A terrible imagination at
all. So I do imaging my HDs and partitions often daily (Acronis
TrueImage). In case of any destruction this way it takes realy only some
few minutes.

 

[Todd H.]

Todd H. - 18.01.2006 19:58 :


no, that depends. In my case I would need weeks installing Windows,
SP1/SP2, search, redownload and install and register hundreds of
applikations again and configure all them to my personal wishes again
incl. browser, news-and mailclient and so on. A terrible imagination at
all. So I do imaging my HDs and partitions often daily (Acronis
TrueImage). In case of any destruction this way it takes realy only some
few minutes.

That's true, but not terribly pertinent, I'm afraid.

I.e would your faithfully maintained Acronic TrueImage backups of your
system help the OP (Simple Guy) at all?

Reinstalling Windows does only take a couple of hours.

It's rebuilding a system to the condition it was in
pre-infection--yeah, that can take a lot more time on top of the
installation. But I bet it takes less time than he's spent dicking
around trying to rid himself of this virus.

Rx for malware infection for the cautious does not change:
Reinstall from original media.

Best Regards,

 

[pcbutts1]

Ignore those fools who freak out at seeing HJT logs. Have HJT fix the
following lines by placing a check in the box next to each line then click
on the fix checked button on the bottom. Also do not use Ares use limewire
www.limewire.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00003.exe"
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} -
mscoree.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\ms\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} -
C:\WINDOWS\system32\wer5760.dll
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program
Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program
Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program
Files\E-Color\Common\IconMgr.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
(PatchInstaller.Installer) -
file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD
Class) - file://D:\Content\include\msSecUcd.cab
O21 - SSODL: fldrsys - {CD642F85-E07F-4A7E-841E-768DDA908C8D} - (no
file)

When done before you reboot download and run AntiPuper v1.1 by secured2k
http://secured2k.home.comcast.net/tools/AntiPuper.exe and

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Heather]

You dickbrain!! Limewire has had a virus in it for months.....Ares
doesn't!! Limewire's data base was infiltrated and if one is
downloading other than mp3's, they will get it.

And we don't freak out at HJT logs, but prefer that the experts on the
spyware forums read them......not plagiarists like you.....

HF

 

[Offbreed]

my problem is more than a week old. actually i try all suggested
solutions but no solution. i still cannot load ie6.

Good manners would have been to go back to the original thread and say
that you tried what was recommended and what do you try next? It keeps
the flow of information going better for all concerned.

I refuse to have Internet Explorer in my computer.

 

[pcbutts1]

I am going to be nice and only call you a whore because you really don't
know what you are talking about. The program Limewire is clean the
downloadable data base is not. Ares is not clean you whore.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2005-51,GGLG:en&q=Ares.exe


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Shane]

Ignore those fools who freak out at seeing HJT logs.

The person calling himself pcbutts1 - who demonstrates, by images and libels
he posts to the internet both with reference to himself and to his intended
victims, an obsession with homosexual perversions that strongly suggest a
fundamental and potentially-psychopathic lack of empathy or self-control
common to the homicidal maniac (and possibly explained by brain injury) -
claims not to be Christopher Butts of JPL.

In which case he may be trying to get Christopher Butts of JPL murdered. In
other words pcbutts1 may be engaged in attempted murder even now.

Look at images and libels pcbutts1 has posted and you'll not only suspect
that he *loves* machine pistols, like a Gestapo operative might have, but
probably that he shoves them up himself (like a Gestapo etc
etc...)...Really...just look at what he thought to post. Wouldn't occur to a
stable mind. In the interests of furthering Psychological Profiling, let me
know if he had any Semtex or the like?

Thanks.

Shane Beatson, United Kingdom, 19/01/06

ps How 'bout Newcastle?

 

[pcbutts1]

I still have your picture http://www.pcbutts1.com/shanebeatson.jpg

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Shane]

A response but no denial is all that's needed. Goodbye.


Shane

 

[Heather]

Oh....so calling me that was *nice*....lol. Considering the vile
website you have, I suppose it is. Trying to decide if you are just
mentally challenged or 85 years old, because your continual use of that
word is so terribly passé.

Quote....the program is clean, the downloadable database is
not.....unquote. Idiot.....it has a ton of small viruses or trojans
that will only bother those who download pirated programs. At least you
are familiar with those, seeing as you steal other people's programs and
try to palm them off as your own. PLAGIARIST!! THIEF!!

I won't lower myself to your vulgar level with the usage of common foul
language. You have the IQ of a gnat!!

 

[Simple Guy]

Actually I have posted to the so-called specialist forums like aumha
and spybot. I got many views and no reply. I have tried tomcoyote but
cannot get into the forums. I tried to registered, I got the
registration screen, I filled in the blanks and sent. Nothing happened
after that. I am still not registered and no access to foruns at
tomcoyote. That is enough for me to say about specialised forums.

 

[Shane]

So e-mail the little ****er.


Shane

 

[pcbutts1]

Here is my answer again.
Ignore those fools who freak out at seeing HJT logs. Have HJT fix the
following lines by placing a check in the box next to each line then click
on the fix checked button on the bottom. Also do not use Ares use limewire
www.limewire.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00003.exe"
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} -
mscoree.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\ms\msntb.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} -
C:\WINDOWS\system32\wer5760.dll
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program
Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Coloreal Bright.lnk = ?
O4 - Global Startup: Coloreal Hint.lnk = ?
O4 - Global Startup: Coloreal Visual.lnk = C:\Program
Files\WayTech\Coloreal\Coloreal Visual\ColorealVisual.exe
O4 - Global Startup: E-Color.lnk = C:\Program
Files\E-Color\Common\IconMgr.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
(PatchInstaller.Installer) -
file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD
Class) - file://D:\Content\include\msSecUcd.cab
O21 - SSODL: fldrsys - {CD642F85-E07F-4A7E-841E-768DDA908C8D} - (no
file)

When done before you reboot download and run AntiPuper v1.1 by secured2k
http://secured2k.home.comcast.net/tools/AntiPuper.exe and

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Todd H.]

Actually I have posted to the so-called specialist forums like aumha
and spybot. I got many views and no reply.

Shocking.

 

[Simple Guy]

To pcbutts1

I cannot believe that I should delete and modify all those lines of HJT
that you have mentioned. For example BCWipe, ICQ, Yahoo and MSN
Messenger are programs I need. Coloreal is program supplied with my
nVidia VGA card to corrected the color display.

I can delete Ares. Line F2 I can edit out ibm00003. Do I have to edit
out shell=explorer.exe too?