Hijacked Now Running Very Slow After Trying To Fix - Log Attached



#1 zmb


Posted 11 January 2006 - 02:16 PM

Hello,
I recently got a virus on my computer which made the computer very slow, put new wallpaper on my desktop, added SpySheriff, and other things. I tried to fix the problem myself by running Ad-Aware, Spybot, ewido, Panda antivirus, and HijackThis. Now my computer only starts in safe mode. It will turn on in regular mode but everything runs very slow and it rarely will open a file or application. Also, in regular mode the CPU usage is very high. I did remove some R1's and maybe an R0 or O1. I'm not sure if doing that could have caused some problems. Below is my HijackThis log in Safe Mode:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:45 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Zack\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {027602E2-163B-E675-169C-61D11C7D6D27} - C:\WINDOWS\system32\addco32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0E398712-CDE2-4663-B9EC-2FA757209FB1} - C:\WINDOWS\system32\sysxq.dll (file missing)
O2 - BHO: Class - {1A6A71F5-8D2A-F244-1BC7-73BCB7B92CED} - C:\WINDOWS\system32\d3fg32.dll (file missing)
O2 - BHO: Class - {1EABA81C-2968-BCA1-3144-3C81DF7686E0} - C:\WINDOWS\system32\crzp.dll (file missing)
O2 - BHO: AtBHOObj Class - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: Class - {35EBA684-9D78-F0B4-2E69-286CA547ADE9} - C:\WINDOWS\system32\adduw32.dll (file missing)
O2 - BHO: Class - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - C:\WINDOWS\system32\mfczf32.dll (file missing)
O2 - BHO: Class - {3F6BC910-A0C2-FC7D-A50C-73A56B10D9EF} - C:\WINDOWS\apiqt32.dll (file missing)
O2 - BHO: Class - {59032CD0-6861-388D-3398-80FD4CCFF228} - C:\WINDOWS\cred32.dll (file missing)
O2 - BHO: Class - {5E4F3BA8-8431-6734-64CD-822C3E86697B} - C:\WINDOWS\crrc32.dll (file missing)
O2 - BHO: Class - {6742C3D1-BD21-8E93-CE5B-B08960395678} - C:\WINDOWS\system32\atlvq32.dll
O2 - BHO: Class - {6839647D-EE2D-EC37-AA49-65E2C173122E} - C:\WINDOWS\javabv32.dll
O2 - BHO: Class - {99F0E077-D792-D9CB-1B91-6B33C2CEB9AB} - C:\WINDOWS\system32\netmz32.dll (file missing)
O2 - BHO: Class - {A7965648-2D3D-951F-7592-B85CE722DB02} - C:\WINDOWS\ienu32.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GuruNet\Toolbar\GuruNetToolbarU.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\system32\hpnra.exe
O4 - HKLM\..\Run: [HP Status] C:\WINDOWS\system32\hpstatus.exe
O4 - HKLM\..\Run: [HP Proxy Server] C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [FMStart] "C:\Program Files\GFI\FAXmaker Client\fmstart.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [netrw.exe] C:\WINDOWS\system32\netrw.exe
O4 - HKLM\..\Run: [16.tmp] C:\DOCUME~1\Zack\LOCALS~1\Temp\16.tmp.exe
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Zack\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Zack\LOCALS~1\Temp\16.tmp.exe
O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Zack\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [iezy.exe] C:\WINDOWS\system32\iezy.exe
O4 - HKLM\..\Run: [crra32.exe] C:\WINDOWS\system32\crra32.exe
O4 - HKLM\..\RunOnce: [apiwm.exe] C:\WINDOWS\system32\apiwm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.com/pub/cabs/GNInstaller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097111423884
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136910331330
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1DA4D3-F3BB-46CC-9BB1-37943587DADE} - http://www.goleads.net/goleadsmarketingsys...arketingCRM.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\appie32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe
O23 - Service: HP Status Print - Unknown owner - C:\WINDOWS\system32\hpbhksrv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe


#2 MFDnSC


Posted 20 January 2006 - 05:41 PM

In Add/Remove Programs, remove Viewpoint.

Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on cwshredder.exe, then click "Fix".

Fix these with HJT: mark them, close IE, click "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {027602E2-163B-E675-169C-61D11C7D6D27} - C:\WINDOWS\system32\addco32.dll (file missing)

O2 - BHO: Class - {0E398712-CDE2-4663-B9EC-2FA757209FB1} - C:\WINDOWS\system32\sysxq.dll (file missing)

O2 - BHO: Class - {1A6A71F5-8D2A-F244-1BC7-73BCB7B92CED} - C:\WINDOWS\system32\d3fg32.dll (file missing)

O2 - BHO: Class - {1EABA81C-2968-BCA1-3144-3C81DF7686E0} - C:\WINDOWS\system32\crzp.dll (file missing)

O2 - BHO: Class - {35EBA684-9D78-F0B4-2E69-286CA547ADE9} - C:\WINDOWS\system32\adduw32.dll (file missing)

O2 - BHO: Class - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - C:\WINDOWS\system32\mfczf32.dll (file missing)

O2 - BHO: Class - {3F6BC910-A0C2-FC7D-A50C-73A56B10D9EF} - C:\WINDOWS\apiqt32.dll (file missing)

O2 - BHO: Class - {59032CD0-6861-388D-3398-80FD4CCFF228} - C:\WINDOWS\cred32.dll (file missing)

O2 - BHO: Class - {5E4F3BA8-8431-6734-64CD-822C3E86697B} - C:\WINDOWS\crrc32.dll (file missing)

O2 - BHO: Class - {6742C3D1-BD21-8E93-CE5B-B08960395678} - C:\WINDOWS\system32\atlvq32.dll

O2 - BHO: Class - {6839647D-EE2D-EC37-AA49-65E2C173122E} - C:\WINDOWS\javabv32.dll

O2 - BHO: Class - {99F0E077-D792-D9CB-1B91-6B33C2CEB9AB} - C:\WINDOWS\system32\netmz32.dll (file missing)

O2 - BHO: Class - {A7965648-2D3D-951F-7592-B85CE722DB02} - C:\WINDOWS\ienu32.dll (file missing)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [netrw.exe] C:\WINDOWS\system32\netrw.exe

O4 - HKLM\..\Run: [16.tmp] C:\DOCUME~1\Zack\LOCALS~1\Temp\16.tmp.exe

O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\Zack\LOCALS~1\Temp\17.tmp.exe

O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\Zack\LOCALS~1\Temp\16.tmp.exe

O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\Zack\LOCALS~1\Temp\17.tmp.exe

O4 - HKLM\..\Run: [iezy.exe] C:\WINDOWS\system32\iezy.exe

O4 - HKLM\..\Run: [crra32.exe] C:\WINDOWS\system32\crra32.exe

O4 - HKLM\..\RunOnce: [apiwm.exe] C:\WINDOWS\system32\apiwm.exe

O23 - Service: Network Security Service (NSS) ( 11F #`I) - Unknown owner - C:\WINDOWS\system32\appie32.exe" /s (file missing)
===================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

Network Security Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File > Exit the Services utility.



Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\atlvq32.dll
C:\WINDOWS\javabv32.dll
C:\Program Files\Viewpoint
C:\WINDOWS\system32\netrw.exe
C:\WINDOWS\system32\iezy.exe
C:\WINDOWS\system32\crra32.exe
C:\WINDOWS\system32\apiwm.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Start > Run, type in %temp%, OK - Edit > Select All, File > Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn't work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
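
Added example, not part of either post: a Python sketch that parses HijackThis entry lines and flags those matching patterns visible among the entries marked in post #2. The rules, `triage` and `SAMPLE_LOG` are assumptions inferred from that selection, not the helper's stated criteria and not a HijackThis feature.

```python
import re

# Lines excerpted from the HijackThis log in post #1 (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rglja.dll/sp.html#58582%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Class - {027602E2-163B-E675-169C-61D11C7D6D27} - C:\WINDOWS\system32\addco32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [16.tmp] C:\DOCUME~1\Zack\LOCALS~1\Temp\16.tmp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [netrw.exe] C:\WINDOWS\system32\netrw.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# HijackThis entry line: section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# (sections the rule applies to, pattern on the body, reason). Assumed rules.
RULES = [
    ({"R0", "R1"}, re.compile(r"= res://.+\.dll/", re.I),
     "IE page/search setting points into a local DLL resource"),
    ({"O2"}, re.compile(r"^BHO: Class - "),
     "BHO registered without a descriptive name"),
    ({"O2", "O23"}, re.compile(r"\(file missing\)\s*$"),
     "registration remains but the file is missing"),
    ({"O4"}, re.compile(r"\\Temp\\[^\\]+\.exe\b", re.I),
     "autorun starts an executable from a Temp folder"),
]


def triage(log_text):
    """Return (section, body, reasons) for every entry that hits a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        reasons = [why for sections, pattern, why in RULES
                   if m["section"] in sections and pattern.search(m["body"])]
        if reasons:
            findings.append((m["section"], m["body"], reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

A rule hit marks an entry for review only. Entries such as `netrw.exe`, which post #2 also marks, match none of these rules and still have to be identified by file name.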



