Surf Side Kick Problems

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Surf Side Kick Problems

Options

rookie147 View Member Profile	Jan 23 2008, 04:45 PM Post #16
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Now can you rename HijackThis again for me and post a new log. Thanks, Charles -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

madphizx View Member Profile	Jan 23 2008, 04:59 PM Post #17
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:59, on 2008-01-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt= O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8403 bytes

rookie147 View Member Profile	Jan 24 2008, 05:41 PM Post #18
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	It's still showing as HijackThis.exe ... did you try renaming it? -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

madphizx View Member Profile	Jan 24 2008, 09:47 PM Post #19
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817	If it still shows up as hijackthis, then i dont know i did what you told me too me if it worked then sweet Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46, on 2008-01-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lsawdclj.exe C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt= O2 - BHO: {8d4b20bc-7d54-d27b-d1f4-3f995d9ace10} - {01eca9d5-99f3-4f1d-b72d-45d7cb02b4d8} - C:\WINDOWS\system32\gpywdoiv.dll O2 - BHO: (no name) - {02D78543-78CA-418E-9F4A-9538D096352D} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: DomainService - - C:\WINDOWS\system32\lsawdclj.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9555 bytes

rookie147 View Member Profile	Jan 25 2008, 04:17 AM Post #20
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Please print off a copy of these instructions, and also save them to a Notepad file on your Desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Scan again with HijackThis and put a checkmark next to each of the following entries (if present): O2 - BHO: {8d4b20bc-7d54-d27b-d1f4-3f995d9ace10} - {01eca9d5-99f3-4f1d-b72d-45d7cb02b4d8} - C:\WINDOWS\system32\gpywdoiv.dll O2 - BHO: (no name) - {02D78543-78CA-418E-9F4A-9538D096352D} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: DomainService - - C:\WINDOWS\system32\lsawdclj.exe Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button. Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support. Set your system to show all files. Navigate to Start \| My Computer \| Tools \| Folder Options. Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders". Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Find and delete the following files (if present): C:\WINDOWS\SYSTEM32\aoctaxci.dll C:\WINDOWS\system32\lsawdclj.exe And the following folders: C:\Documents and Settings\All Users\Application Data\Web Okay Five 01 C:\Program Files\StorageProtector Copy and paste the following text into Notepad: CODE sc stop DomainService sc delete DomainService Save this as "services.bat". Choose to save as all files and place it on your Desktop. Double-click services.bat. Reboot into Normal Mode again.* Please download NoLop to your Desktop. First close any other programs you have running; this will need you to reboot. Double click NoLop.exe to run it Now click the button labelled Search and Destroy <<Your computer will now be scanned for infected files>> When scanning is finished you will be prompted to reboot only if infected, click OK. Now click the REBOOT button. A message should popup from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply. Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your System32 folder then re-run the program. Please run Panda's ActiveScan. Once you are on the Panda site click the Scan your PC button A new window will open, click the Check Now button. Enter your personal details. Click the big Scan Now button. It will ask to install various content - please allow this. It will start downloading the files it requires for the scan, which may take a while. When download is complete, click on Local Disks to start the scan. When the scan has finished - if anything malicious is found - click the See Report button. Click Save Report and save the file to your Desktop, so you can post this log in your next reply. Please include a new HijackThis log, the Panda report and NoLop.log in your reply. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

rookie147 View Member Profile	Feb 14 2008, 12:08 PM Post #21
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Due to lack of feedback, this topic is now closed. If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

rookie147 View Member Profile	Feb 24 2008, 03:39 PM Post #22
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Re-opened by request. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

madphizx View Member Profile	Feb 28 2008, 07:47 PM Post #23
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817	ok this is Thursday and im going to try the nolop cause my computer keeps crashing and im going away on a family trip and wont be able to do it till Sunday so plz keep it open and help me on fixing the crashing thing

rookie147 View Member Profile	Mar 1 2008, 05:04 PM Post #24
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Okay sure. Thanks for letting me know. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

madphizx View Member Profile	Mar 4 2008, 10:58 PM Post #25
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817	alright im going to post this before u close it again and i figure why it keeps crashing, every time i use my computer the and i end task of the explore... it runs fine but if i keep running... it crashes every 10mins but havin no desktop is kinda gay. hers the highjack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:53, on 2008-03-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HighjackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://82.98.235.210/go//?cmp=nm_wm&ui...:en-us:official O2 - BHO: {62e1975b-0573-c3aa-3e84-cc9e5585ab43} - {34ba5855-e9cc-48e3-aa3c-3750b5791e26} - C:\WINDOWS\system32\oohfaowa.dll O2 - BHO: (no name) - {44DFB43E-55D4-4314-876A-5F207F511C9F} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [BMe3e56744] Rundll32.exe "C:\WINDOWS\system32\feguxntr.dll",s O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\uaccwcpj.dll",b O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6753 bytes and the nolop but im going to get the panda thing asap NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\On The Go\Desktop [2008-03-01] [06:42:09] ---Infection Files Found/Removed--- C:\WINDOWS\tasks\BB14B9A49F232504.job Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... Fix Complete! ---Listing AppData sub directories--- C:\Documents and Settings\Administrator\Application Data\Adobe C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Aol C:\Documents and Settings\Administrator\Application Data\Apple Computer C:\Documents and Settings\Administrator\Application Data\Corel C:\Documents and Settings\Administrator\Application Data\Google C:\Documents and Settings\Administrator\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Identities C:\Documents and Settings\Administrator\Application Data\Intervideo C:\Documents and Settings\Administrator\Application Data\Macromedia C:\Documents and Settings\Administrator\Application Data\Microsoft C:\Documents and Settings\Administrator\Application Data\Mozilla C:\Documents and Settings\Administrator\Application Data\Msn6 C:\Documents and Settings\Administrator\Application Data\Myprivacy C:\Documents and Settings\Administrator\Application Data\Real -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Sbsoft C:\Documents and Settings\Administrator\Application Data\Sony Corporation C:\Documents and Settings\Administrator\Application Data\Sun C:\Documents and Settings\Administrator\Application Data\Symantec C:\Documents and Settings\Administrator\Application Data\The Labyrinth Plus! Edition C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Aol C:\Documents and Settings\All Users\Application Data\Apple C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\Google C:\Documents and Settings\All Users\Application Data\Messenger Plus! C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Msn6 C:\Documents and Settings\All Users\Application Data\Olympus C:\Documents and Settings\All Users\Application Data\Quicktime C:\Documents and Settings\All Users\Application Data\Salesmon C:\Documents and Settings\All Users\Application Data\Sony C:\Documents and Settings\All Users\Application Data\Sony Corporation C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Storageprotector C:\Documents and Settings\All Users\Application Data\Superantispyware.com C:\Documents and Settings\All Users\Application Data\Symantec C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\All Users\Application Data\Wlinstaller C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory C:\Documents and Settings\Localservice\Application Data\Macromedia C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Mozilla C:\Documents and Settings\Localservice\Application Data\Sbsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\On The Go\Application Data\Adobe C:\Documents and Settings\On The Go\Application Data\Adobeum -- EMPTY Directory C:\Documents and Settings\On The Go\Application Data\Apple Computer C:\Documents and Settings\On The Go\Application Data\Creative Mp3 Log C:\Documents and Settings\On The Go\Application Data\Identities C:\Documents and Settings\On The Go\Application Data\Limewire C:\Documents and Settings\On The Go\Application Data\Macromedia C:\Documents and Settings\On The Go\Application Data\Mailfrontier C:\Documents and Settings\On The Go\Application Data\Microsoft C:\Documents and Settings\On The Go\Application Data\Mozilla C:\Documents and Settings\On The Go\Application Data\Soundspectrum C:\Documents and Settings\On The Go\Application Data\Sun C:\Documents and Settings\On The Go\Application Data\Superantispyware.com C:\Documents and Settings\On The Go\Application Data\Syntrillium C:\Documents and Settings\On The Go\Application Data\U3 C:\Documents and Settings\On The Go\Application Data\Utorrent C:\Documents and Settings\On The Go\Application Data\Xmlblueprint 5

rookie147 View Member Profile	Mar 6 2008, 04:52 PM Post #26
Forum Addict Group: HJT Team Coach Posts: 5,271 Joined: 1-April 06 Member No.: 62,052	Please now run Vundofix for me and post the log with a new HJT log and the requested Panda log. Thanks, Charles -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.

madphizx