 Surf Side Kick Problems |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT post a ComboFix log unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jan 23 2008, 04:45 PM
Post
#16
|
|
 Forum Addict  Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052  |
Thanks, Charles -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.   |
 |
 
|
|
Jan 23 2008, 04:59 PM
Post
#17
|
|
 Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59, on 2008-01-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt= O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8403 bytes |
|
|
|
|
Jan 24 2008, 05:41 PM
Post
#18
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
It's still showing as HijackThis.exe ... did you try renaming it?
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Jan 24 2008, 09:47 PM
Post
#19
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
If it still shows up as hijackthis, then i dont know i did what you told me too me if it worked then sweet
 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46, on 2008-01-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Common Files\StorageProtector\strpmon .exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lsawdclj.exe C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storageprotector.com/clean/sale.php...26676&addt= O2 - BHO: {8d4b20bc-7d54-d27b-d1f4-3f995d9ace10} - {01eca9d5-99f3-4f1d-b72d-45d7cb02b4d8} - C:\WINDOWS\system32\gpywdoiv.dll O2 - BHO: (no name) - {02D78543-78CA-418E-9F4A-9538D096352D} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: DomainService - - C:\WINDOWS\system32\lsawdclj.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 9555 bytes |
|
|
|
|
Jan 25 2008, 04:17 AM
Post
#20
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Please print off a copy of these instructions, and also save them to a Notepad file on your Desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access. Scan again with HijackThis and put a checkmark next to each of the following entries (if present): O2 - BHO: {8d4b20bc-7d54-d27b-d1f4-3f995d9ace10} - {01eca9d5-99f3-4f1d-b72d-45d7cb02b4d8} - C:\WINDOWS\system32\gpywdoiv.dll O2 - BHO: (no name) - {02D78543-78CA-418E-9F4A-9538D096352D} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O4 - HKLM\..\Run: [Five 01 else bias] C:\Documents and Settings\All Users\Application Data\Web Okay Five 01\atom nurb.exe O4 - HKLM\..\Run: [StorageProtector] C:\Program Files\StorageProtector\SysRep .exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKCU\..\Run: [CLOSESTART] C:\DOCUME~1\ONTHEG~1\APPLIC~1\CREATI~1\idlescrpoll.exe O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: DomainService - - C:\WINDOWS\system32\lsawdclj.exe Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button. Reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support. Set your system to show all files. Navigate to Start | My Computer | Tools | Folder Options. Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders". Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Find and delete the following files (if present): C:\WINDOWS\SYSTEM32\aoctaxci.dll C:\WINDOWS\system32\lsawdclj.exe And the following folders: C:\Documents and Settings\All Users\Application Data\Web Okay Five 01 C:\Program Files\StorageProtector Copy and paste the following text into Notepad: CODE sc stop DomainService sc delete DomainService Save this as "services.bat". Choose to save as *all files and place it on your Desktop. Double-click services.bat. Reboot into Normal Mode again. Please download NoLop to your Desktop. First close any other programs you have running; this will need you to reboot. Double click NoLop.exe to run it Now click the button labelled Search and Destroy <<Your computer will now be scanned for infected files>> When scanning is finished you will be prompted to reboot only if infected, click OK. Now click the REBOOT button. A message should popup from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply. Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your System32 folder then re-run the program. Please run Panda's ActiveScan. Once you are on the Panda site click the Scan your PC button A new window will open, click the Check Now button. Enter your personal details. Click the big Scan Now button. It will ask to install various content - please allow this. It will start downloading the files it requires for the scan, which may take a while. When download is complete, click on Local Disks to start the scan. When the scan has finished - if anything malicious is found - click the See Report button. Click Save Report and save the file to your Desktop, so you can post this log in your next reply. Please include a new HijackThis log, the Panda report and NoLop.log in your reply. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Feb 14 2008, 12:08 PM
Post
#21
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Feb 24 2008, 03:39 PM
Post
#22
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Re-opened by request.
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Feb 28 2008, 07:47 PM
Post
#23
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
ok this is Thursday and im going to try the nolop cause my computer keeps crashing and im going away on a family trip and wont be able to do it till Sunday so plz keep it open and help me on fixing the crashing thing
|
|
|
|
|
Mar 1 2008, 05:04 PM
Post
#24
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Okay sure. Thanks for letting me know.
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Mar 4 2008, 10:58 PM
Post
#25
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
alright im going to post this before u close it again and i figure why it keeps crashing, every time i use my computer the and i end task of the explore... it runs fine but if i keep running... it crashes every 10mins but havin no desktop is kinda gay.
hers the highjack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:53, on 2008-03-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HighjackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://82.98.235.210/go//?cmp=nm_wm&ui...:en-us:official O2 - BHO: {62e1975b-0573-c3aa-3e84-cc9e5585ab43} - {34ba5855-e9cc-48e3-aa3c-3750b5791e26} - C:\WINDOWS\system32\oohfaowa.dll O2 - BHO: (no name) - {44DFB43E-55D4-4314-876A-5F207F511C9F} - C:\WINDOWS\system32\jkklj.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\aoctaxci.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [BMe3e56744] Rundll32.exe "C:\WINDOWS\system32\feguxntr.dll",s O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\uaccwcpj.dll",b O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: aoctaxci - C:\WINDOWS\SYSTEM32\aoctaxci.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6753 bytes and the nolop but im going to get the panda thing asap NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\On The Go\Desktop [2008-03-01] [06:42:09] ---Infection Files Found/Removed--- C:\WINDOWS\tasks\BB14B9A49F232504.job Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... **Fix Complete!** ---Listing AppData sub directories--- C:\Documents and Settings\Administrator\Application Data\Adobe C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Aol C:\Documents and Settings\Administrator\Application Data\Apple Computer C:\Documents and Settings\Administrator\Application Data\Corel C:\Documents and Settings\Administrator\Application Data\Google C:\Documents and Settings\Administrator\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Identities C:\Documents and Settings\Administrator\Application Data\Intervideo C:\Documents and Settings\Administrator\Application Data\Macromedia C:\Documents and Settings\Administrator\Application Data\Microsoft C:\Documents and Settings\Administrator\Application Data\Mozilla C:\Documents and Settings\Administrator\Application Data\Msn6 C:\Documents and Settings\Administrator\Application Data\Myprivacy C:\Documents and Settings\Administrator\Application Data\Real -- EMPTY Directory C:\Documents and Settings\Administrator\Application Data\Sbsoft C:\Documents and Settings\Administrator\Application Data\Sony Corporation C:\Documents and Settings\Administrator\Application Data\Sun C:\Documents and Settings\Administrator\Application Data\Symantec C:\Documents and Settings\Administrator\Application Data\The Labyrinth Plus! Edition C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Aol C:\Documents and Settings\All Users\Application Data\Apple C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\Google C:\Documents and Settings\All Users\Application Data\Messenger Plus! C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Msn6 C:\Documents and Settings\All Users\Application Data\Olympus C:\Documents and Settings\All Users\Application Data\Quicktime C:\Documents and Settings\All Users\Application Data\Salesmon C:\Documents and Settings\All Users\Application Data\Sony C:\Documents and Settings\All Users\Application Data\Sony Corporation C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Storageprotector C:\Documents and Settings\All Users\Application Data\Superantispyware.com C:\Documents and Settings\All Users\Application Data\Symantec C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\All Users\Application Data\Wlinstaller C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory C:\Documents and Settings\Localservice\Application Data\Macromedia C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Mozilla C:\Documents and Settings\Localservice\Application Data\Sbsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\On The Go\Application Data\Adobe C:\Documents and Settings\On The Go\Application Data\Adobeum -- EMPTY Directory C:\Documents and Settings\On The Go\Application Data\Apple Computer C:\Documents and Settings\On The Go\Application Data\Creative Mp3 Log C:\Documents and Settings\On The Go\Application Data\Identities C:\Documents and Settings\On The Go\Application Data\Limewire C:\Documents and Settings\On The Go\Application Data\Macromedia C:\Documents and Settings\On The Go\Application Data\Mailfrontier C:\Documents and Settings\On The Go\Application Data\Microsoft C:\Documents and Settings\On The Go\Application Data\Mozilla C:\Documents and Settings\On The Go\Application Data\Soundspectrum C:\Documents and Settings\On The Go\Application Data\Sun C:\Documents and Settings\On The Go\Application Data\Superantispyware.com C:\Documents and Settings\On The Go\Application Data\Syntrillium C:\Documents and Settings\On The Go\Application Data\U3 C:\Documents and Settings\On The Go\Application Data\Utorrent C:\Documents and Settings\On The Go\Application Data\Xmlblueprint 5 |
|
|
|
|
Mar 6 2008, 04:52 PM
Post
#26
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Please now run Vundofix for me and post the log with a new HJT log and the requested Panda log.
Thanks, Charles -------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Mar 10 2008, 11:41 PM
Post
#27
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
hey, i couldn't do the panda thing bcause i didnt have the active X thing and the last time i got a active x thing i got a virus so do you have one that is legit
highjackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:40, on 2008-03-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HighjackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://82.98.235.210/go//?cmp=nm_wm&ui...:en-us:official O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9F903BC1-2350-43C7-BFBC-E00A60B52B71} - C:\WINDOWS\system32\jkklj.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: {4b3ca8e4-ec9a-15b9-7884-720739816d0c} - {c0d61893-7027-4887-9b51-a9ce4e8ac3b4} - C:\WINDOWS\system32\fefocwxk.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM\..\Run: [e0d654d8] rundll32.exe "C:\WINDOWS\system32\pdfrmbyl.dll",b O4 - HKLM\..\Run: [BMe3e56744] Rundll32.exe "C:\WINDOWS\system32\rohickhb.dll",s O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\limewire\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6591 bytes vundo log VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 9:09:26 PM 1/19/2008 Listing files found while scanning.... C:\windows\system32\jikvpvpu.dll C:\windows\system32\jikvpvpu.dllbox C:\windows\system32\jkklj.dll C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini2 Beginning removal... Attempting to delete C:\windows\system32\jikvpvpu.dll C:\windows\system32\jikvpvpu.dll Has been deleted! Attempting to delete C:\windows\system32\jikvpvpu.dllbox C:\windows\system32\jikvpvpu.dllbox Has been deleted! Attempting to delete C:\windows\system32\jkklj.dll C:\windows\system32\jkklj.dll Could not be deleted. Attempting to delete C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini2 C:\windows\system32\jlkkj.ini2 Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 11:35:05 PM 1/19/2008 Listing files found while scanning.... C:\windows\system32\jkklj.dll C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini2 Beginning removal... Attempting to delete C:\windows\system32\jkklj.dll C:\windows\system32\jkklj.dll Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini2 C:\windows\system32\jlkkj.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\jkklj.dll C:\windows\system32\jkklj.dll Could not be deleted. Attempting to delete C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini2 C:\windows\system32\jlkkj.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Beginning removal... VundoFix V7.0.1 Scan started at 19:04:03 2008-03-10 Listing files found while scanning.... C:\windows\system32\aoctaxci.dll C:\windows\system32\aoctaxci.dllbox C:\windows\system32\jkklj.dll C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini2 Beginning removal... Attempting to delete C:\windows\system32\aoctaxci.dll C:\windows\system32\aoctaxci.dll Has been deleted! Attempting to delete C:\windows\system32\aoctaxci.dllbox C:\windows\system32\aoctaxci.dllbox Has been deleted! Attempting to delete C:\windows\system32\jkklj.dll C:\windows\system32\jkklj.dll Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini C:\windows\system32\jlkkj.ini Has been deleted! Attempting to delete C:\windows\system32\jlkkj.ini2 C:\windows\system32\jlkkj.ini2 Has been deleted! Performing Repairs to the registry. Done! |
|
|
|
|
Mar 12 2008, 01:16 PM
Post
#28
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Installing the ActiveX will only be for Panda, it is perfectly harmless; no other software will be able to use it.
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Mar 13 2008, 10:59 PM
Post
#29
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
ya but the last one i found gave me desktop computer a virus, so if u guys have one that wont give me a virus that would be nice
|
|
|
|
|
Mar 15 2008, 02:47 PM
Post
#30
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,321 Joined: 1-April 06 Member No.: 62,052 |
Panda will not give you a virus.
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 19th March 2010 - 10:00 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.