i have 2 trojans that i cant get rid off. i have system suite and it says it can't delete them. i tried disabling my system restore and then running system suite and avhousecall but both of them still cant delete the two trojans. i ran hijack this, heres my list: Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MDM.exe C:\WINDOWS\SYSTEM\SSDPSRV.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe C:\WINDOWS\EXPLORER.exe C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.exe C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe C:\WINDOWS\LOADQM.exe C:\WINDOWS\SYSTEM\QTTASK.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\SYSTEM\HPZTSB04.exe C:\WINDOWS\RUNDLL32.exe C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.exe C:\WINDOWS\UPTODATE.exe C:\WINDOWS\RUNDLL32.exe C:\WINDOWS\CZEXESVS.exe C:\WINDOWS\RUNDLL32.exe C:\WINDOWS\AV.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.exe C:\PROGRAM FILES\VCOM\SYSTEMSUITE\MXTASK.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe C:\WINDOWS\SYSTEM\PSTORES.exe C:\PROGRAM FILES\VCOM\POWERDESK\PDEXPLO.exe C:\WINDOWS\TEMP\~~PDTEMP\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=8150CC10-4AD8-4BBE-8AF3-FFD1E590EEEE&version_id=18 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {BAD64B27-7EF9-4D05-9F95-4930527300FE} - C:\WINDOWS\SYSTEM\MSEGXCH40.DLL O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINDOWS\SYSTEM\STLBUPDT.DLL O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL O2 - BHO: (no name) - {C2B5DAE8-D7F9-5455-7E3A-37944129768A} - C:\windows\system\nixvqtwb.dll O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file) O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\SYSTEM\STLBUPDT.DLL,DllRunMain O4 - HKLM\..\Run: [nuurzmyn] C:\WINDOWS\czexesvs.exe O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe O4 - HKLM\..\Run: [RCScheduleCheck] C:\PROGRAM FILES\VCOM\RECOVERY COMMANDER\RCSCHED.exe -CHECK O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MEMCHECK.exe O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe 1 O4 - Startup: SystemSuite.lnk = C:\Program Files\VCOM\SystemSuite\MXTask.exe O9 - Extra button: Real.com (HKLM) O9 - Extra button: AIM (HKLM) O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab please help thanks

Hello Skirmb, Try and download the program Trojan Remover 6.15 freeware for one month, fully updated, and the only program to use two specific's scan: one for the memory, one to hunt and eradicate the worm hidden in the hard drive.

Run HijackThis again and place a check in the box next to the following items. Doublecheck so as to be sure not to miss one. Next, close all browser Windows, and have HT 'fix checked'. You Must restart your computer when you're done. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=8150CC10-4AD8-4BBE-8AF3-FFD1E590EEEE&version_id=18 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O2 - BHO: (no name) - {BAD64B27-7EF9-4D05-9F95-4930527300FE} - C:\WINDOWS\SYSTEM\MSEGXCH40.DLL O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINDOWS\SYSTEM\STLBUPDT.DLL O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL O2 - BHO: (no name) - {C2B5DAE8-D7F9-5455-7E3A-37944129768A} - C:\windows\system\nixvqtwb.dll O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file) O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\SYSTEM\STLBDIST.DLL O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\WINNET.exe O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\SYSTEM\STLBDIST.DLL,DllRunMain O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.exe O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\SYSTEM\STLBUPDT.DLL,DllRunMain O4 - HKLM\..\Run: [nuurzmyn] C:\WINDOWS\czexesvs.exe O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\AV.EXE After restarting delete the following: Files: C:\WINDOWS\UPTODATE.exe C:\WINDOWS\czexesvs.exe C:\WINDOWS\BELT.exe C:\WINDOWS\AV.exe Folders: C:\Program Files\CommonName C:\Program Files\ClearSearch C:\WINDOWS\SYSTEM\IEDriver

hi skirmb, do the following: kill these running processes if you have them: systemroot+\system32\eah1q5.exe systemroot+\system32\gdnhxa.exe systemroot+\system32\hcj2s6.exe systemroot+\system32\wapd25tc.exe systemroot+\system32\zhrcofz.exebhogv.exe czuoq.exe etz3gap2.exe fruz6x9.exe ghjz.exe iga051.exe oval63h.exe uninst.exe zhrcofz.exe Remove AutoRun Reference: Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value , delete it and reboot the machine immediately. Unregister this dll stlbdist.dll using regsrv32 Remove these registry items (if present) with RegEdit: HKEY_LOCAL_MACHINE\hkey_local_machine\software\3tc4l6e4h5bn4b HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\4ec22qp5z6al4n HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dss Remove these files (if present) with Windows Explorer: systemroot+\system32\eah1q5.exe systemroot+\system32\gdnhxa.exe systemroot+\system32\hcj2s6.exe systemroot+\system32\wapd25tc.exe systemroot+\system32\zhrcofz.exe3tc4l6e4h5bn4b.reg bhogv.exe czuoq.exe ejgzxrf.9w2 epbbr84y.q10 etz3gap2.exe fruz6x9.exe ghjz.exe iga051.exe oval63h.exe peper1.reg peper2.reg peperkey.reg peperstart.reg stlbdist.dll stlbdist.xml ung1jla.tzj uninst.exe xzm0jfos.3md ykv06.h2p zhrcofz.exe zkviq.i5q that should take care of Peper. For the other trojan: av.exe and czexesvs.exe, and belt.exe you should go into safe mode and scan your machine with spybot, adaware and a good anti-trojan, and an anti-virus. for more info on trojan horses go to www.thepublicworks.com security section and read up. all the best, murve

hey thanks for the help so far i got rid of the things in hijackthis that tom41 recommended which helped, but i couldnt delete C:\WINDOWS\SYSTEM\IEDriver and C:\WINDOWS\czexesvs.exe. There was nothing wrong in my regeditor. What else should i do?